On 16 Apr 2009, at 12:27, Zirael wrote:

>
> Hi,
>
> I am using attachment_foo for sharing files between users. Everything
> works fine but I am worried about the security.
>
> All files are stored in the public rails folder so any browser can
> easily access these files!!
> I know that the folder path is specific but probably I could write a
> simple script that could find some common file names.
>
> Guys, did you think about that during development?
>
Use X-sendfile, X-Accel-redirect or generate hard-to-guess filenames
(i.e. /1ea39e7eacd783eda093223aebdcdf234/myfile)

Fred
> Is there any way to serve files through the Rails app, so that I could avoid
> storing files in the public directory?
>
> Is a database a good idea? Is it an efficient way?
>
> Thank you.
> >
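
A sketch of the two suggestions in the reply above, added here as an example and not code from the thread or from any attachment plugin: uploads are stored outside `public/` under an unguessable key, and the app authorizes each download before handing the transfer to the web server through `X-Accel-Redirect` (nginx) or `X-Sendfile` (Apache mod_xsendfile). The storage root, the internal location prefix and the record hash are assumptions made for the example.

```ruby
require "securerandom"
require "pathname"

# Assumption: uploads live outside public/ under this hypothetical root.
STORAGE_ROOT = Pathname.new("/var/app/private_uploads")
# Assumption: nginx maps this `internal` location onto STORAGE_ROOT.
INTERNAL_PREFIX = "/protected_files"

# Build a storage key with 128 random bits in front of a sanitized
# file name, e.g. "1ea39e.../myfile". Directory parts are discarded.
def storage_key(original_name)
  base = File.basename(original_name.to_s.gsub("\\", "/"))
  safe = base.gsub(/[^\w.\-]/, "_")
  safe = "file" if safe.empty? || safe.start_with?(".")
  "#{SecureRandom.hex(16)}/#{safe}"
end

# Decide how to answer a download request. Returns [status, headers].
# `record` is a constructed stand-in for a model row:
#   { key: "<storage key>", allowed_user_ids: [..] }
def download_response(record, user_id, mode: :nginx)
  return [404, {}] if record.nil?
  # The authorization check runs in the app on every request.
  return [403, {}] unless record[:allowed_user_ids].include?(user_id)

  path = (STORAGE_ROOT + record[:key]).cleanpath
  # Refuse keys that resolve outside the storage root ("../", absolute).
  return [400, {}] unless path.to_s.start_with?("#{STORAGE_ROOT}/")

  headers = {
    "Content-Type" => "application/octet-stream",
    "Content-Disposition" =>
      %(attachment; filename="#{File.basename(record[:key])}"),
    "X-Content-Type-Options" => "nosniff"
  }
  # The web server, not the Ruby process, streams the file body.
  if mode == :nginx
    headers["X-Accel-Redirect"] = "#{INTERNAL_PREFIX}/#{record[:key]}"
  else
    headers["X-Sendfile"] = path.to_s
  end
  [200, headers]
end
```

The random key on its own only makes URLs hard to guess; the per-request authorization check is what stops a leaked or shared link from working for another user.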


You received this message because you are subscribed to the Google Groups "Ruby 
on Rails: Talk" group.